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EXAMINER'S ANSWER 



This is in response to the appeal brief filed 6/5/2006 appealing from the Office action 
mailed 2/21/2006. 
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(1) Real Party in Interest 

The assignee of the application, Symantec Corporation, is the real part in interest. 

(2) Related Appeals and Interferences 

The examiner is not aware of any related appeals, interferences, or judicial proceedings 
which will directly affect or be directly affected by or have a bearing on the Board's 
decision in the pending appeal. 

(3) Status of Claims 

The statement of the status of claims contained in the brief is correct. 

(4) Status of Amendments After Final 

The appellant's statement of the status of amendments after final rejection contained in 
the brief is correct. 

(5) Summary of Claimed Subject Matter 

The summary of claimed subject matter contained in the brief is correct. 

(6) Grounds of Rejection to be Reviewed on Appeal 

The appellant's statement of the grounds of rejection to be reviewed on appeal is 
correct. 

(7) Claims Appendix 

The copy of the appealed claims contained in the Appendix to the brief is correct. 

(8) Evidence Relied Upon 

6208720 Curtis et al. 3-2001 
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(9) Grounds of Rejection 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form 
the basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(a) the invention was known or used by others in this country, or patented or described in a printed 
publication in this or a foreign country, before the Invention thereof by the applicant for a patent. 

Claims 1-2, 4-10, 12-26 are rejected under 35 U.S.C. 102(a) as being anticipated by 
U.S. Patent 6208720 B1 to Curtis et al. (hereinafter Curtis). 

Regarding Claim 1 , Curtis discloses the providing a number of alert indications 
containing information related to the incident see Fig. 4 item 408; comparing one or 
more alert indications to a set of rules and declaring a incident if a match is found see 
Fig. 4 item 424; comparing one or more alert indications to a decision table and 
remembering alert indication and comparing to a correlation data see Fig. 2 item 214- 
220; declaring an incident based on threshold value see Fig. 4 item 414-416. 

Regarding Claim 2, Curtis discloses the defined default threshold value is level of 
severity in alert indications see Col 18 Ln 35-44. 

Regarding Claim 3,11, Curtis discloses the incident ticket for each incident having 
description of incident, a conclusion based on the incident, any actions responsive to 
the conclusion, a detail of the alert indications associated with the incident, tracking 
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rules which identify one or more alert indications see Col 25 Ln 48-59 & Col 24 Ln 28-41 
&Col 18 Ln 45-59. 

Regarding Claim 4, Curtis discloses tracking further based on alert indications and 
associating tracking rules along with it see Col 22 Ln 65- Col 23 Ln 21 & Col 22 Ln 3-1 1 . 

Regarding Claim 5, Curtis discloses the associating step being performed after passing 
threshold value and table containing categories and alert codes see Col 18 Ln 13-29. 

Regarding Claim 6, 21, Curtis discloses the updating of tracking rules see Col 19 Ln 23- 
40. 

Regarding Claim 7, Curtis discloses the normalizing of alert information see Fig. 1 item 
124. 

Regarding Claim 8, 16, 20 Curtis discloses the plurality of devices supplying the alert 
indications see Col 7 Ln 1-20 & Fig. 3 item 152a-n. 

Regarding Claim 9, Curtis discloses the default value being derived from a set of rules 
see Col 13Ln43-55. 
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Regarding Claim 10, Curtis discloses the a decision table and set of correlation data 
that identifies patterns and declaring a incident if a match occurs see Col 10 Ln 24-30 & 
Col 9 Ln 45-53; a set of rules containing a number of queries and matching rules and 
inputted alert indications see Col 1 1 Ln 20-49; set of default standards specifying 
minimum value declare an incident see Col 18 Ln 44-59. 

Regarding Claim 12, 19 Curtis discloses the filtering out inputted indication that don't 
meet threshold value and comparing information to rules see Col 18 Ln 13-35. 

Regarding Claim 13-14, Curtis discloses the database storing declared incidents see 
Fig. 1 item 130. 

Regarding Claim 15, Curtis discloses the linking users via global network see Fig. 1 
item 102, 104, 106. 

Regarding Claim 16, Curtis discloses the displaying of incidents see Col 1 1 Ln 39-49 & 
Fig. 3 item 152a-n. 

Regarding Claim 1 7, Curtis discloses the combination of customized and default rules 
see Col 3 Ln 6-23. 
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Regarding Claim 22, Curtis discloses the updating through human based observations 
see Col 11 Ln 31-38. 

(10) Response to Argument 

Claims 1-2, 4-10, 12-26 are not novel over Curtis et aL(U.S Patent 6.208,720). 

The Appellant's arguments regarding the incident ticket being displayed and the ticket 
itself including tracking rules being editable by a user viewing the ticket is not 
persuasive. As Curtis discloses the fraud data being collected and 
analyzed/processed(i.e. displayed) by the human analyst via workstations, and further 
the analyst initiating action see Col 1 1 Ln 50-59. And additionally, Curtis discloses the 
system including interfaces for performing actions in response detected fraud including 
issuing deactivation notifications see Col 1 1 Ln 20-30. The interfaces cited by Curtis 
includes presentation interface, e.g. graphical user interfaces see Col 1 1 Ln 39-49, 
further illustrating the displaying operation. Curtis discloses alerts and alarms(e.g. 
tracking identifiers/rules) being consolidated into cases Col 24 Ln 54-Col 25 Ln 5. 
Theses cases are further analyzed and subjected to parsing by thresholding rules see 
Col 10 Ln 12-30 and also scrutinized by human analysts via workstation and actions are 
taken accordingly see Col 26 Ln 19-23, which would include displaying the incident. 

And Curtis discloses an threshold detector which operates based on threshold rules 
which are modifiable, i.e. editable, during run-time by the human analyst via workstation 
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see Col 3 Ln 1 9-22 & Col 15 Ln 29-36. And further discloses the viewing of cases by an 
analyst and deciding a response and of executing an action based on command of the 
analyst see Col 28 Ln 26-55. Curtis also discloses the tracking rules including a 
measurement types to be monitored see Col 1 6 Ln 1 9-67 and for tracking where to find 
specified data see Co! 15 Ln 37-53. Thus, Curtis' modification and edition of threshold 
rules by extension modifies and edits the alerts and alarms(e.g. tracking 
identifiers/rules). 

Claims 10, 12-20 and 23, 24-26 are also unpatentable for the same reasons as Claim 1- 
2, 4-10, 12-26. 

Furthermore, Curtis discloses the applying of threshold rules to detect fraud cases see 
Col 18 Ln 25-59 and further of comparing the values against an threshold and when it 
has been exceeded alerting the human analyst via workstation see Col 11 Ln 31-38. 
Curtis goes on to mention the database of rules being dynamically modified by an 
human analyst via workstation see Col 19 Ln 7-40. 

Moreover, Curtis discloses the GUI being presented to the user of workstations see Col 
1 1 Ln 43-49. It is commonly known in the art that GUI, graphical user interface, consists 
of displaying or presenting of data which includes an menu. And additionally, Curtis 
discloses the human analysts via workstation being able to generate an response to an 
alert and altering of alerts and rules see Col 1 1 Ln 60-Col 12 Ln 9. 
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In conclusion, Curtis anticipates the recited limitations present in the claims. And the 
arguments presented by the Appellant are not persuasive, in view of Curtis, thus 
rejections should be upheld. 

(11) Related Proceeding(s) Appendix 

No decision rendered by a court or the Board is identified by the examiner in the 
Related Appeals and Interferences section of this examiner's answer. 

For the above reasons, it is believed that the rejections should be sustained. 

Respectfully submitted, 



Venkat Perungavoor 
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Conferees: 



Kim Vu 
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